Where the real conversations in privacy happen

Alan Westin’s Legacy of Privacy and Freedom

The long and well-deserved obituary of Alan Westin in The New York Times, is one of many tributes now appearing to this pioneer of privacy. I have had great admiration for Alan since he helped this junior law professor enter the privacy field in the mid-1990s. In this short recognition of Alan, I first offer some of the things for which he is best known and then add a few items from my own experience with him:

Privacy and Freedom. The title of this 1967 book itself helped define the privacy field – how an essential aspect of freedom involves control over one’s personal information. Alan defined the four states of privacy as solitude, intimacy, anonymity and reserve. One focus of the book was the threat to freedom that can arise from pervasive use of polygraphs (lie detectors); an important but little-known law that addressed that problem is the Employee Polygraph Protection Act of 1988. In privacy, some problems actually get (more-or-less) solved!

Databanks in a Free Society. This 1972 book highlighted how the mainframe computers of the era created a cascade of issues about privacy. Alan always recognized both the many good uses of data as well as the need for privacy limits on those uses. His attention to “a free society” helped define the basic privacy protections and led to the U.S. Privacy Act of 1974.

Privacy and American Business. With Bob Belair, Alan ran the annual conference and publications for Privacy & American Business. In the 1990’s, as I entered the field, this was THE annual privacy conference related to business practices, with perhaps 200 people in the room. Alan’s intellectual rigor came through in his summary of the year’s privacy events, and major enterprises depended on these insights as they built their data systems.

Survey research on privacy. Although Alan was comfortable with high theory about privacy and freedom, he also insisted on solid factual grounding for his writings. From about 1990 to 2003, Alan conducted the most prominent surveys of consumer attitudes about privacy. Although privacy advocates sometimes criticized these studies as being pro-business, a regular headline supported privacy protections—a heavy majority of consumers reported that they had “lost all control over how personal information about them is circulated and used by companies.” Alan also emphasized the diversity of individual concern about privacy, such as a 1990 study that found that 25% of the public are Privacy Fundamentalists, with 57% as Privacy Pragmatists and 18% as Privacy Unconcerned. The existence of diverse preferences is a powerful rationale for having consumer choice about privacy settings—some consumers are deeply concerned about privacy while others are not.

Now, I add a few of my own experiences in connection with Alan:

The constitutional law scholar. As a law student in the early 1980’s, I did a project on the big Supreme Court case when President Truman seized the steel mills during the Korean War. I relied on a book called The Anatomy of a Constitutional Law Case, by a professor I had never heard of named Alan Westin. The book informed my own views about the importance of checks and balances.

A balance person. In a 2003 interview with CIO Magazine, Alan was asked whether he considered himself an advocate for privacy. He answered:?”I’m a balance person. I identify dangers to privacy, but my solutions are much more about recognizing the competing values that need to be brought into some kind of harmony.” I sympathize deeply with this effort to identify both the uses and the risks of personal information, and have worked both to create privacy protections (coordinating the HIPAA medical privacy rule) and to highlight privacy rules that seemed overly strict (critiques of some aspects of E.U. data protection law).

Responding to the E.U. Directive. Alan’s keen intelligence meant that he often spotted the big privacy issues and worked on them before most others had realized their importance. Before the E.U. Directive went into effect in 1998, I had the good fortune to work with Alan on “model contracts” to send personal information lawfully from the E.U. to countries that lacked “adequate” protection. This work helped define the issues that later turned into the US-EU Safe Harbor agreement.

A legacy of privacy and freedom. The last time I saw Alan was at his home in New Jersey in 2012. He was already quite ill, but he remained determined to continue work on his grand history of privacy. Alan pointed out that the free societies that created democracy had also protected privacy, from ancient Athens (paired against totalitarian Sparta) to the rise of the Parliament in Britain (paired against the authoritarian French kings). The IAPP is now helping to organize work to continue this research and Alan’s irreplaceable legacy.

Written By

0 Comments

Related

A parliamentary body in China has read a second draft of a proposed “far-reaching counterterrorism law that would require technology firms to hand over encryption keys and install security ‘backdoors,’ a potential escalation of what some firms view as the increasingly onerous terms of doing business in the world’s second-largest economy,” Re/code reports. The law is expected to be adopted in the weeks or months ahead, the report states, and the Obama administration has expressed concerns. “It’s ...
Read more

My first impression of Mark Zuckerberg in the flesh is that he is permanently excited and overflowing with energy. That is hardly surprising given his age and his role in the Internet revolution. But the fact that he dropped by at the Mobile World Congress in Barcelona this week is quite significant. The annual Mobile World Congress is a mega event with nearly 100,000 attendees and the participation of every business with an interest in anything to do with mobile communications. So the presence ...
Read more

On Monday, March 2, I attended a reception in Brussels at which new European Data Protection Supervisor (EDPS) Giovanni Buttarelli and Assistant Supervisor Wojciech Wiewiórowski presented their strategic plan for the next five years. Entitled “The EDPS Strategy 2015-2019: Leading by Example,” the document represents a key moment in the work of the EU’s leading data protection regulator.
In the 11 years since Peter Hustinx originally established it, the EDPS has come to enjoy a worldwide reputat...
Read more

The past few years have seen an epic struggle between governments, businesses and individuals for governance of the Internet. The platform, which now pervades every aspect of our daily lives, promises different things to different stakeholders. Governments see it as a driver of economic growth as well as a source of intelligence about competing economies, terrorist threats, domestic law enforcement and, in certain countries, political dissent. Businesses view it as a hotbed for innovation as wel...
Read more

In a speech Tuesday, European Commissioner for Digital Economy and Society Günther Oettinger said the EU should create a single law to protect its citizens' data from Facebook and Google, USA Today reports. "Americans are in the lead. They have the data, the business models and the power,” Oettinger said, warning tech giants must do more to comply with the EU's data protection rules or face being "thrown out of the single market." Meanwhile, PwC Legal Partner Stewart Room, CIPP/E, has suggested ...
Read more

Tags

The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.Learn more

The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.